Details

    • Type: Bug Bug
    • Status: Closed Closed (View Workflow)
    • Priority: Blocker Blocker
    • Resolution: Done
    • Affects Version/s: 2.0.2.SP1, 2.0.3.CR1
    • Fix Version/s: 2.1.0.BETA1
    • Component/s: Core
    • Environment:
      Ubuntu 7.10, Tomcat 6.0, Seam 2.0.2/2.0.3
    • Workaround Description:
      Hide

      None at present.

      Show
      None at present.
    • Estimated Difficulty:
      Medium
    • Similar Issues:
      Show 10 results 

      Description

      As per what Shane Bryzak suggested in this thread (Shane suggested that I assign it to him but I couldn't find that feature in this web form):

      http://www.seamframework.org/Community/SeamAndHTTPS

      I am submitting this bug report.

      Using Seam 2.0.2/2.0.3 with Tomcat 6, if you have pages in your web app that switch between different protocols (i.e., between HTTP and HTTPS), the Seam links are not using the correct port. This bug is reproducible 100% of the time. In order to reproduce, have Tomcat 6 running (you don't need a DB) and ensure that Tomcat 6 has the following lib in its $CATALINA_HOME/lib folder: el-api.jar

      The application must contain the following libs in it's class path as well:
      antlr.jar
      asm.jar
      cglib.jar
      commons-beanutils.jar
      commons-codec-1.3.jar
      commons-collections.jar
      commons-digester.jar
      commons-lang.jar
      commons-logging.jar
      dom4j.jar
      ejb-api.jar
      javassist.jar
      jboss-archive-browsing.jar
      jboss-el.jar
      jboss-seam-debug.jar
      jboss-seam-ioc.jar
      jboss-seam.jar
      jboss-seam-ui.jar
      jsf-api.jar
      jsf-facelets.jar
      jsf-impl.jar
      jstl.jar
      jta.jar
      lucene-core.jar
      persistence-api.jar
      spring.jar

      Your Tomcat server.xml file (found in $CATALINA_HOME/conf folder) should uncomment the following:

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
      maxThreads="150" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS" />

      Don't worry about the fact that you're not specifying the keystore, if you've set up the keystore, Tomcat 6 will find it (new feature, saves typing). Having said that, you'll need to have set up the keystore (set up on your OS which is pretty brainless on either Windows or Linux) for Tomcat as per the following guide from Apache:

      http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

      Don't worry, it's a pretty easy-to-follow set of steps creating a keystore (should take no longer than five minutes - especially if you use the default values that the quick tutorial says to use). Your pages.xml file looks like this (copy/paste):

      <?xml version="1.0" encoding="UTF-8"?>
      <pages xmlns="http://jboss.com/products/seam/pages"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.0.xsd"
      http-port="8080" https-port="8443"
      no-conversation-view-id="/index.xhtml"
      login-view-id="/index.xhtml">
      <page view-id="*" scheme="http" />
      <page view-id="/register.xhtml" scheme="https"/>
      </pages>

      Also, make sure you do NOT specify any sort of security constraints in your web.xml file since we are already specifying protocol choices in the above pages.xml file (I found this out the hard way).

      Create a Facelets template as (copy/paste):
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets">

      <head>
      <title>Test HTTP and HTTPS Pages</title>
      </head>
      <body>
      <ui:insert name="body"><div>Hello Facelets</div></ui:insert>
      </body>
      </html>

      Based on the template, create two pages. The first page is the index page which uses the default HTTP and so port 8080 from Tomcat default port (copy/paste):

      <?xml version='1.0' encoding='UTF-8' ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:s="http://jboss.com/products/seam/taglib" >
      <body>
      <ui:composition template="./template.xhtml">
      <ui:define name="body">
      <p>This page is http://localhost:8080/test/index.html</p>
      <s:link view="/register.xhtml" value="register"/>
      <p>Here's a Seam s:link to the register page:</p>
      <p>Here's a regular HTML anchor to the register page: <a href="./register.html">register</a></p>
      </ui:define>
      </ui:composition>
      </body>
      </html>

      Next is the register page which is using SSL (and so port 8443 in Tomcat 6 by default, copy/paste):

      <?xml version='1.0' encoding='UTF-8' ?>
      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
      <html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:ui="http://java.sun.com/jsf/facelets"
      xmlns:s="http://jboss.com/products/seam/taglib" >
      <body>
      <ui:composition template="./template.xhtml">
      <ui:define name="body">
      <p>This page is defined as an HTTPS page (i.e., using SSL) within the pages.xml file and thus under Seam 2.0.3 under Tomcat 6 is actually at: https://localhost:8443/test/register.html</p>
      <p>Go back to the index.html page which is not using SSL (so at port 8080):</p>
      <s:link view="/index.xhtml" value="index"/>
      <p>Here's a Seam s:link to the index page:</p>
      <p>Here's a regular HTML anchor to the index page: <a href="./index.html">index</a></p>
      </ui:define>
      </ui:composition>
      </body>
      </html>

      Once you start up Tomcat 6 and deploy your web app, if you type the URL of your index.html file you should see the page rendered. Check the source of that page (the index.html page) and take a look at Seam's s:link URL. It is:

      https://localhost:8080/test/register.html?conversationId=1

      Assuming it's the first conversation started (otherwise the conversation id will be n). Notice the wrong protocol (8080). It should be 8443 due to what we specified in the pages.xml file.

      This appears to be a bug - in the very least seam link elements should be able to specify the correct protocol if the pages.xml file states a particular protocol for a particular page.

      Let me know if you have any other questions, I will provide code, confirmation files as requested.

        Activity

        Hide
        Arron Ferguson
        added a comment -

        One other thing (and I'm sure you guys already know this since this is your framework), is to specify in your components.xml file that you are not using any sort of data stores or transaction management:

        <core:init transaction-management-enabled="false"/>
        <transaction:no-transaction/>

        Basically a "hello world" build with everything removed so as to isolate the problem.

        Show
        Arron Ferguson
        added a comment - One other thing (and I'm sure you guys already know this since this is your framework), is to specify in your components.xml file that you are not using any sort of data stores or transaction management: <core:init transaction-management-enabled="false"/> <transaction:no-transaction/> Basically a "hello world" build with everything removed so as to isolate the problem.
        Hide
        Shane Bryzak
        added a comment -

        Fixed in SVN. Thanks Arron for reporting this and for the detailed and concise test case.

        Show
        Shane Bryzak
        added a comment - Fixed in SVN. Thanks Arron for reporting this and for the detailed and concise test case.
        Hide
        Arron Ferguson
        added a comment -

        Shane, you're welcome. Thanks for fixing it so promptly. I'll look forward to the 2.1 Beta download.

        Show
        Arron Ferguson
        added a comment - Shane, you're welcome. Thanks for fixing it so promptly. I'll look forward to the 2.1 Beta download.
        Hide
        Rick Horowitz
        added a comment -

        I'd like to request that you fix this bug in for the 2.0.3 release.

        I used Seam in a production application with Glassfish V2 and have been hampered by a session dropping bug for almost a year now (using Seam 1.2 and Hibernate 3.2.6). I just spent the better part of today upgrading to Hibernate 3.3.0, Seam 2.0.3 CR1, and all the associated packages and have run into this https port bug. HTTPS port switching worked fine with Seam 1.2, but is now broken in 2.0.3 and 2.0.2.

        Does this mean that I'll have to wait several more months for a Seam 2.1 release until Seam 2.x is usable for my application? I really hope you'll consider fixing this for the 2.0.3 release.

        Thanks very much for this and for all the work you do on Seam.

        Show
        Rick Horowitz
        added a comment - I'd like to request that you fix this bug in for the 2.0.3 release. I used Seam in a production application with Glassfish V2 and have been hampered by a session dropping bug for almost a year now (using Seam 1.2 and Hibernate 3.2.6). I just spent the better part of today upgrading to Hibernate 3.3.0, Seam 2.0.3 CR1, and all the associated packages and have run into this https port bug. HTTPS port switching worked fine with Seam 1.2, but is now broken in 2.0.3 and 2.0.2. Does this mean that I'll have to wait several more months for a Seam 2.1 release until Seam 2.x is usable for my application? I really hope you'll consider fixing this for the 2.0.3 release. Thanks very much for this and for all the work you do on Seam.

          People

          • Assignee:
            Shane Bryzak
            Reporter:
            Arron Ferguson
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: